Haproxy & CloudFlare & Cf-Connecting-Ip

@santory wrote:

Hello
I use Claudofler before loading Blancher Haproxy.
I would like to add a x-local header if the client IP was on a specific list.
It should be noted that the headers come from the side of the Coldflight server
Please advise.

defaults
log global
mode http
option httplog
option dontlognull
option forwardfor
retries 2
maxconn 2000000
timeout client 60s
timeout server 60s
timeout queue 60s
timeout connect 4s
option httpclose
option abortonclose
timeout http-request 5s
option http-keep-alive
option tcp-smart-accept
option tcp-smart-connect
stats enable
stats refresh 10s
stats uri /stats
stats realm Authentication\ Required
stats auth admin:usetsels

frontend testsite_https
bind 192.168.0.31:443 ssl crt /etc/haproxy/certs/testsite.com/testsite.pem alpn h2,http/1.1 npn h2,http/1.1
mode http
option http-keep-alive
option forwardfor
acl is_cf req.hdr(cf-connecting-ip) -m found
acl from_eli_cf req.hdr_ip(cf-connecting-ip) -f /etc/haproxy/eli.subnets
acl whitelist src -f /etc/haproxy/WL.subnets
acl badbots hdr_reg(User-Agent) -i -f /etc/haproxy/badbots.lst
acl from_tr src -f /etc/haproxy/tr.subnets
acl from_eli src -f /etc/haproxy/eli.subnets
acl url_cdn hdr_end(host) -i cdn.testsite.com
acl url_cdn hdr_end(host) -i cdnx.testsite.com
acl m_testsite hdr_end(host) -i m.testsite.com
acl host_testsite hdr(host) -i testsite.com
acl host_testsite hdr_end(host) -i testsite.co
http-request deny if badbots !whitelist
http-request add-header X-Country %[req.hdr(Cf-Ipcountry)] if is_cf
http-request add-header X-Local Yes if from_eli_cf
reqirep ^cf-connecting-ip:(.) X-Forwarded-For:\1 if is_cf
reqadd X-Country:\ IR if from_tr
reqadd X-Forwarded-Proto:\ https
reqadd X-Local:\ Yes if from_eli
redirect code 301 prefix https://www.testsite.com if m_testsite
use_backend cdn-testsite if url_cdn
use_backend cdn-video if video_cdn
use_backend eli-weblog if url_weblog from_tr
use_backend eli-weblog-x if url_weblog !from_tr
default_backend testsite
rspidel ^X-.
rspirep ^Server:.* Server:\ testWeb\ 0.1
rspadd X-XSS-Protection:\ 1;\ mode=block
#rspadd Strict-Transport-Security:\ max-age=31536000;\ includeSubDomains;\ preload;
rspadd X-Content-Type-Options:\ nosniff

Posts: 2

Participants: 2

Read full topic

Haproxy & CloudFlare & Cf-Connecting-Ip

Trending Articles

Scuffham Amps - S-GEAR 2.6.0 VST, AAX, STANDALONE x86 x64 (R2R NO iLok2, +NO...

Practice Sheet of Right form of verbs for HSC Students

VHSE First (1st) Allotment 2025 - vhscap.kerala.gov.in

UNIVERSE LEAGUE – UNIVERSE LEAGUE – WAR (We Are Ready) – EP [iTunes Plus M4A]

City Hunter Teledrama – Episode 18 – 07th May 2016

Comment on Proposed Criteria for Identifying Predatory Conferences by Luke...

Bureau of Internal Revenue: Regional Offices (Directory)

Kendrick Lamar – Not Like Us (2024) [24Bit-88.2kHz] [PMEDIA] ⭐️

Inception 2010 Hindi Dual Audio 650MB BRRip 720p ESubs HEVC

East Hull MD admits sexual assaults after another victim comes forward

Download: FK ft Shenky – Nakuyewa ”Prod by: Shenky”

R. v. Sargeant, 2023 ONSC 6406 (CanLII)

Rajasthan Board 10th Result 2016 Roll No wise & Name Wise

Who’s been sentenced at Northampton Magistrates’ Court

मतलबी दोस्त स्टेट्स | Matlabi Dost Status in Hindi – Selfish Friends Status

Family cries out as traditional ruler allegedly abducts brother, extorts N2.5m

Long-Running Conflict In Springfield (MA) Gangland Sphere Has Manzi Family &...

Wondershare Filmora X v10.1.20.16 x64

Man arrested after fracas in flat

Man charged in ongoing Sexual Assault Investigation Derek Nyilas, 46, Faces...